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Detailed Action 

Information Disclosure Statement 

The information disclosure statement (IDS) submitted June 5, 2009 and July 22, 2009 are in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the IDS are considered by the Examiner. 



Allowable Subject Matter 

Claims 3, 5-6, 9-13, 15-19, 21, 29, 32-36, and 37 are allowed. 

The following is an examiner's statement of reasons for allowance: 
Prior art of record does not teach, suggest, or make obvious the claimed invention of: 
Operatively receiving at a web-services provider a request from a client to access certain user- 
specific information in a data store of user-specific information associated with the user, wherein the web- 
services provider maintains the data store, said user specific information being accessible by the user and 
having access by a client controlled by the user, said client seeking access to the certain user-specific 
information in the data store; generating an intended use request by the client identifying an intended use 
by the client of the certain user-specific information in the data store; determining a set of default access 
preferences defining a list of default access permissions allowed by the user; comparing the intended use 
with the set of default access preferences and dynamically creating an access control rule when the 
intended use of the client of the certain user-specific information is within the list of default access 
permissions; invoking a consent engine in response to the client's request if the intended use is outside 
the list of default access permissions, said consent engine informing the user of the client's request to 
access the certain user-specific information in the data store and a reason why the client desires access to 
the certain user-specific information; said consent engine inviting the user to permit or to deny the client's 
request to access the certain user-specific information in the data store; and completing the request from 
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the client to access the certain user-specific information in the data store when the generated intended use 
request by said client of the certain user-specific information is within the list of default access 
permission. 

Any comments considered necessary by applicant must be submitted no later than the payment of 
the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such 
submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 

Examiner's Amendment 

An examiner's amendment to the record appears below. Should the changes and/or additions be 
unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure 
consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with Frank R. 
Agovino, Reg. No. 27,416 on November 12, 2010. 

The application is amended as follows: 

Claims 

6. (Currently Amended) The system of claim 29 wherein the client determines determining if the client 
has a local copy of the certain user-specific information in the data store before transmitting the request, 
the client retrieving said local copy of the certain user-specific information if the local copy is available, 
the client determining if said local copy of the certain user-specific information is current and transmitting 
the request only if said local copy of the certain user-specific information is not available and not current. 

9. (Currently Amended) The system of claim 29 wherein the access control engine determines 
determining if the client has an access subscription right to the certain user-specific information in the 
data store and the access control engine permitting the client to have access to the certain user-specific 
information in the data store if the client has the access subscription right to the certain user-specific 
information in the data store. 
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10. (Currently Amended) The system of claim 29 wherein the client identifies identifying a requested 
form of access to the user-specific information in the data store and the access control engine grants 
granting the requested access to the certain user-specific information in the data store if the user has 
granted said form of access requested by the client , the identifying a requested form of access and 
granting the requested access comprises permitting the client to read the requested user-specific 
information in the data store and permitting the client to write the requested user-specific information in 
the data store. 

12. (Currently Amended) The system of claim 10 wherein permitting the client to write the certain 
requested user-specific information in the data store comprises receiving at the web-services provider a 
SOAP message from the client identifying the certain user-specific information and writing the identified 
certain user-specific information in the data store. 

15. (Currently Amended) A method of controlling access to user specific information for use in a network 
computer system including a web-services provider, a user of a service provided by the web-services 
provider, and a client of the web-services provider controlled by the user , said method of controlling 
access to the user-specific information comprising: 

operatively receiving at the web-services provider a request from the client to access the certain 
user-specific information in the a data store of user-specific information associated with the user, wherein 
the web-services provider maintaining a maintains the data store of user specific information associated 
with the user , said user specific information being accessible by the user and having access by the client 
controlled by the user, said client seeking access to the certain of the user-specific information in the data 
store; 

generating an intended use request by the client identifying an intended use by the client of the 
certain user-specific information in the data store; 

determining an allowed lovol of access permitted a set of default access preferences defining a list 
of default access permissions allowed by the user; 

comparing the generated intended use request with the determined allowed lovol of access set of 
default access preferences and dynamically creating an access control rule when the intended use of the 
client of the certain user-specific information is within the list of default access permissions : 
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invoking a consent engine in response to the client's request if the generated intended use request 
is outside the allowed level of access list of default access pennissions , said consent engine informing the 
user of the client's request to access the certain user-specific information in the data store and a reason 
why the client desires access to the certain user-specific information; said consent engine inviting the user 
to permit or to deny the client's request to access the certain user-specific information in the data store; 
and 

completing the request from the client to access the certain user-specific information in the data 
store when the generated intended use request by said client of the certain user-specific information is 
within the determined allowed level of access permitted by the - user list of default access permission . 

21. (Currently Amended) One or more non-transitory computer-readable media having computer 
execution instructions for performing the method recited in claim 15. 

29. (Currently Amended) A system for controlling access to uscr-spceific information in a network 
computing environment, the system comprising: 
a web-services service provider; 

a network communication device having memory, a display interface, and a selection menu and 
wherein a user communicates with the web-services provider via the network communication device; 

a user of a service of the wcb-scrviccs provider, the wcb-scrviccs prov ider maintaining a data 
store of user-specific information associated with the user, said user-specific information accessible by 
the user and having access by the a client controlled by the user, and a set of default access preferences 
defining a list of default access permissions allowed by the user; 

a client of the web-services provider controlled by the user , said client generating a request to 
access to certain of the user-specific information associated with the user^ said request identifying an 
intended use by the client of the certain user-specific information in the data store; 

an access control engine operatively receiving the client client's request to access the certain user- 
specific information and dynamically creating an access control rule by comparing the set of default 
access preferences with the intended use by the client, said access control rule granting the requested 
access by the client to the certain user-specific information when the intended use of the client of the 
certain user-specific information is within the list of default access permissions defined by the set of 
default access preferences allowed by the user; and 
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a consent engine generating an option list in response to the client's request for user-specific 
information having at least one entry therein based on the intended use by the client of the user-specific 
information in the data store when the intended use of the certain user-specific information is outside the 
list of default access permissions, said consent engine displaying on the display interface of the network 
communication device an option menu reflecting the generated option list, said option menu presenting a 
reason why the client desires access to the certain user-specific information and prompting the user to 
accept or reject at least one option displayed on the option menu using the selection menu interface of the 
network communication device. 

30. (Canceled) 

36. (Currently Amended) The system of claim 29 further comprising a client intentions document 
identifying the intended use by the client of the certain user-specific information in the data store. 

37. (Currently Amended) The system of claim 36 further comprising: 

a n e twork communication d e vice having a display interface and a selection m e nu and wh e r e in th e 




[[a]] the consent engine retrieving the client intentions document and generating an option list 
having at least one entry therein based on the intended use identified in the intentions document, said 
consent engine displaying on the display interface of the network communication device an option menu 
reflecting the generated option list, said option menu prompting the user to accept or reject at least one 
option displayed on the option menu using the selection menu interface of the network communication 



Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Joshua Joo whose telephone number is 571 272-3966. The examiner can normally be 
reached on Monday to Friday 8AM to 5PM. 




dth th e w e b 



provid e r via the network communication d e vic e ; and 



device. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Andrew T. Caldwell can be reached on 571 272-3868. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status infonnation for published applications may be obtained 
from either Private PAIR or Public PAIR. Status infonnation for unpublished applications is available 
through Private PAIR only. For more infonnation about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



/Joshua Joo/ 
Examiner, Art Unit 2445 



